* [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
@ 2010-02-08 6:02 Shi Weihua
2010-02-08 6:08 ` Rishikesh
0 siblings, 1 reply; 5+ messages in thread
From: Shi Weihua @ 2010-02-08 6:02 UTC (permalink / raw)
To: subrata; +Cc: ltp-list
An error occured on my i386 box.
(OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
-------------
exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
exec_without_inh 0 TINFO : (ret=-1, errno 38)
-------------
If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
But the program should to be broken when f != CAP_SET, like the similar code
"if (ret || f != CAP_SET) {" in exec_with_inh.c.
The TBROK message will be outputted if my patch merged.
-------------
exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
-------------
Signed-off-by: Shi Weihua <shiwh@cn.fujitsu.com>
---
--- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
+++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
@@ -80,6 +80,11 @@ int main(int argc, char *argv[])
tst_exit();
}
}
+ else if (ret) {
+ tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
+ tst_exit();
+ }
+
#if HAVE_DECL_CAP_FREE
cap_free(cur);
#endif
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
2010-02-08 6:02 [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c Shi Weihua
@ 2010-02-08 6:08 ` Rishikesh
2010-02-08 10:10 ` Garrett Cooper
0 siblings, 1 reply; 5+ messages in thread
From: Rishikesh @ 2010-02-08 6:08 UTC (permalink / raw)
To: Shi Weihua; +Cc: ltp-list
On 02/08/2010 11:32 AM, Shi Weihua wrote:
> An error occured on my i386 box.
> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
> -------------
> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
> exec_without_inh 0 TINFO : (ret=-1, errno 38)
> -------------
> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
> But the program should to be broken when f != CAP_SET, like the similar code
> "if (ret || f != CAP_SET) {" in exec_with_inh.c.
>
> The TBROK message will be outputted if my patch merged.
> -------------
> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
>
Looks good. I will include if others are not having any comment.
Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com>
Thanks
Rishi
> -------------
>
> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
> ---
> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
> @@ -80,6 +80,11 @@ int main(int argc, char *argv[])
> tst_exit();
> }
> }
> + else if (ret) {
> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
> + tst_exit();
> + }
> +
> #if HAVE_DECL_CAP_FREE
> cap_free(cur);
> #endif
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Ltp-list mailing list
> Ltp-list@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ltp-list
>
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
2010-02-08 6:08 ` Rishikesh
@ 2010-02-08 10:10 ` Garrett Cooper
2010-02-09 2:19 ` Shi Weihua
0 siblings, 1 reply; 5+ messages in thread
From: Garrett Cooper @ 2010-02-08 10:10 UTC (permalink / raw)
To: Rishikesh; +Cc: ltp-list
On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote:
> On 02/08/2010 11:32 AM, Shi Weihua wrote:
>> An error occured on my i386 box.
>> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
>> -------------
>> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
>> exec_without_inh 0 TINFO : (ret=-1, errno 38)
>> -------------
>> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
>> But the program should to be broken when f != CAP_SET, like the similar code
>> "if (ret || f != CAP_SET) {" in exec_with_inh.c.
>>
>> The TBROK message will be outputted if my patch merged.
>> -------------
>> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
>>
> Looks good. I will include if others are not having any comment.
>
> Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com>
>
> Thanks
> Rishi
>
>> -------------
>>
>> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
>> ---
>> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
>> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
>> @@ -80,6 +80,11 @@ int main(int argc, char *argv[])
>> tst_exit();
>> }
>> }
>> + else if (ret) {
>> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
>> + tst_exit();
>> + }
>> +
>> #if HAVE_DECL_CAP_FREE
>> cap_free(cur);
>> #endif
Wow -- I really made a mess of that test a few months back... please do...
else if (ret) {
tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add
CAP_SYS_ADMIN to pI");
}
... instead.
Thanks for catching that one failure point ;)...!
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
2010-02-08 10:10 ` Garrett Cooper
@ 2010-02-09 2:19 ` Shi Weihua
2010-02-09 14:49 ` Garrett Cooper
0 siblings, 1 reply; 5+ messages in thread
From: Shi Weihua @ 2010-02-09 2:19 UTC (permalink / raw)
To: Garrett Cooper; +Cc: ltp-list
at 2010-2-8 18:10, Garrett Cooper wrote:
> On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote:
>> On 02/08/2010 11:32 AM, Shi Weihua wrote:
>>> An error occured on my i386 box.
>>> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
>>> -------------
>>> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
>>> exec_without_inh 0 TINFO : (ret=-1, errno 38)
>>> -------------
>>> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
>>> But the program should to be broken when f != CAP_SET, like the similar code
>>> "if (ret || f != CAP_SET) {" in exec_with_inh.c.
>>>
>>> The TBROK message will be outputted if my patch merged.
>>> -------------
>>> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
>>>
>> Looks good. I will include if others are not having any comment.
>>
>> Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com>
>>
>> Thanks
>> Rishi
>>
>>> -------------
>>>
>>> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
>>> ---
>>> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
>>> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
>>> @@ -80,6 +80,11 @@ int main(int argc, char *argv[])
>>> tst_exit();
>>> }
>>> }
>>> + else if (ret) {
>>> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
>>> + tst_exit();
>>> + }
>>> +
>>> #if HAVE_DECL_CAP_FREE
>>> cap_free(cur);
>>> #endif
>
> Wow -- I really made a mess of that test a few months back... please do...
>
> else if (ret) {
> tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add
> CAP_SYS_ADMIN to pI");
> }
>
> ... instead.
ok. I fixed it based on your advice.
Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
---
--- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
+++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-09 10:11:15.000000000 -0500
@@ -80,6 +80,10 @@ int main(int argc, char *argv[])
tst_exit();
}
}
+ else if (ret) {
+ tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add \
+ CAP_SYS_ADMIN to pI");
+ }
#if HAVE_DECL_CAP_FREE
cap_free(cur);
#endif
> Thanks for catching that one failure point ;)...!
> -Garrett
>
>
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c
2010-02-09 2:19 ` Shi Weihua
@ 2010-02-09 14:49 ` Garrett Cooper
0 siblings, 0 replies; 5+ messages in thread
From: Garrett Cooper @ 2010-02-09 14:49 UTC (permalink / raw)
To: Shi Weihua; +Cc: ltp-list
On Feb 8, 2010, at 6:19 PM, Shi Weihua wrote:
> at 2010-2-8 18:10, Garrett Cooper wrote:
>> On Sun, Feb 7, 2010 at 10:08 PM, Rishikesh <risrajak@linux.vnet.ibm.com> wrote:
>>> On 02/08/2010 11:32 AM, Shi Weihua wrote:
>>>> An error occured on my i386 box.
>>>> (OS: Fedora8, Kernel: 2.6.33-rc6, libcap: libcap-2.16)
>>>> -------------
>>>> exec_without_inh 1 TFAIL : Failed to drop CAP_SYS_ADMIN from bounding set.
>>>> exec_without_inh 0 TINFO : (ret=-1, errno 38)
>>>> -------------
>>>> If the macro HAVE_DECL_CAP_BSET_DROP is 0, this error will occurs.
>>>> But the program should to be broken when f != CAP_SET, like the similar code
>>>> "if (ret || f != CAP_SET) {" in exec_with_inh.c.
>>>>
>>>> The TBROK message will be outputted if my patch merged.
>>>> -------------
>>>> exec_without_inh 1 TBROK : Failed to add CAP_SYS_ADMIN to pI
>>>>
>>> Looks good. I will include if others are not having any comment.
>>>
>>> Acked-by: Rishikesh K Rajak <risrajak@linux.vnet.ibm.com>
>>>
>>> Thanks
>>> Rishi
>>>
>>>> -------------
>>>>
>>>> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
>>>> ---
>>>> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
>>>> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-08 11:55:00.000000000 -0500
>>>> @@ -80,6 +80,11 @@ int main(int argc, char *argv[])
>>>> tst_exit();
>>>> }
>>>> }
>>>> + else if (ret) {
>>>> + tst_resm(TBROK, "Failed to add CAP_SYS_ADMIN to pI\n");
>>>> + tst_exit();
>>>> + }
>>>> +
>>>> #if HAVE_DECL_CAP_FREE
>>>> cap_free(cur);
>>>> #endif
>>
>> Wow -- I really made a mess of that test a few months back... please do...
>>
>> else if (ret) {
>> tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add
>> CAP_SYS_ADMIN to pI");
>> }
>>
>> ... instead.
>
> ok. I fixed it based on your advice.
>
> Signed-off-by: Shi Weihua<shiwh@cn.fujitsu.com>
> ---
> --- testcases/kernel/security/cap_bound/exec_without_inh.c.orig 2010-02-08 11:54:22.000000000 -0500
> +++ testcases/kernel/security/cap_bound/exec_without_inh.c 2010-02-09 10:11:15.000000000 -0500
> @@ -80,6 +80,10 @@ int main(int argc, char *argv[])
> tst_exit();
> }
> }
> + else if (ret) {
> + tst_brkm(TBROK | TERRNO, tst_exit, "Failed to add \
> + CAP_SYS_ADMIN to pI");
> + }
> #if HAVE_DECL_CAP_FREE
> cap_free(cur);
> #endif
>
>> Thanks for catching that one failure point ;)...!
>> -Garrett
Committed -- thanks!
-Garrett
------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Ltp-list mailing list
Ltp-list@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ltp-list
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2010-02-09 14:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-02-08 6:02 [LTP] [PATCH] cap_bound: should to TBROK if f != CAP_SET in exec_without_inh.c Shi Weihua
2010-02-08 6:08 ` Rishikesh
2010-02-08 10:10 ` Garrett Cooper
2010-02-09 2:19 ` Shi Weihua
2010-02-09 14:49 ` Garrett Cooper
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox